Posted on 04/22/2003 11:38:23 AM PDT by ShadowAce
Dodgy goings on backstage
By : Monday 21 April 2003, 11:10
Being a wary security sort, my early experience with Opera was good. I didn't want to believe that Opera was no longer behaving ethically. I wanted to find other culprits.
Ok, let's review... I was running anti-virus at least two extra full scans a day, with daily updates (AVG-Anti Virus - free for personal use and a very good anti-virus program). I also had Ad-Aware running and cleaning everything it could find several times daily. I didn't want to believe that Opera wasn't behaving ethically. The machine also operated on a network connection behind a firewall appliance.
I realized this wasn't enough.
Time to install Sygate Personal Firewall (free for personal use). Heck - it should have been installed from the outset, but in a previous visit, it had interfered with my nephew's personal mud server.
I digress... Using Sygate is a bit of work if you want to be diligent about security, so I set the options to register every DLL. This meant that every time a program loaded a new DLL, I would be asked permission, or the DLL would not be allowed to load henceforth. Well - Opera went and caused me numerous notifications, and by reading the fine print, it was loading several DLLs at a time.
Now in fairness, DLLs seemed to load at times when there might have been an excuse to do so, for example - when I asked to print a page, it loaded several DLLs. Fine. I wasn't certain it needed as many as it asked for, but I allowed it. I noticed that every now and again, it seemed to be loading DLLs at synchronous moments when my nephew's Opera-based mail account was periodically going to his POP3 server to look for mail. Odd. Now I noticed that Opera seemed to occasionally update a DLL that appeared to be connected to its ad-banner, but while I objected to being updated without my express permission, I allowed it a couple of times.
But then during a now seemingly routine DLL load notification, I read that Opera had loaded a pgpmn.dll file, that I couldn't explain. After all, I wasn't using pgp on this machine, and my nephew hadn't fired it up in weeks, or longer, so I had to wonder - What was Opera doing with my pgp files, without my express permission to be there?
Having tried to e-mail Opera folks about security questions a few times in the past, I knew better than to try again, and I thought about the other odd things Opera had done recently.
Well, one of the things about Opera for some time now, is that I've noticed Opera's memory footprint growing on my system as if it had a bad memory leak. And after an hour of use, the Opera footprint could be pretty large. Opera crashes seemed to happen repeatedly after sucking up mucho memory, but I had thought that a design flaw that failed to dump old memory/pages aggressively enough.
(Right now with about 7 active windows, it was taking about 47 MB, with an additional 69 MB of virtual memory swapped out. I had lots to spare, but that's a pretty big chunk of memory. Opera commonly pumped itself up well over 100MB, and sometimes well over 200.)
Time for another tool. PROCESS VIEWER (Free!) I used to use AATools, but those tools are nag-and-timeout-ware now, and this process viewer utility is fine to discover processes and threads under the hood.
Ok, after a look, Opera looked like it had referenced everything but the kitchen sink. While one nasty possibility I floated was that Opera was linking to a PGP dll to get at my private keyring - perhaps snooping for some dark-sunglasses guvmint agencies. An alternate explanation for accessing my pgp files, could be simply as one in a long list of modules Opera was just taking an inventory of. Less nefarious, but still unethical in my book.
Looking still deeper, Opera appeared to have pgpmn.dll listed twice in the modules list, with two different entry points. A few minutes later, Opera dropped one of the entry points, and again had pgpmn.dll registered only once. Time to worry some more. With two entry points to a pgp dll, it was no longer likely to be just a file inventory exercise.
And how many modules was Opera loading? In all one count just yielded 80 modules. Compared with all the other tasks running, it appeared to be the program with the largest number of modules linked.
The Process viewer also showed me the 8 threads it was running, and strangely, though MS Task Manager showed Opera operating at normal priority, the child threads showed a different story. No less than two threads were running at Time-Critical priority, and another thread was "above normal".
Now I'm worried. At this point, I no longer trust Opera, and will soon be removing it from all the PCs I own and influence - and that's a great lot of PCs BTW.
As far as I'm concerned, they have a near-impossible chance of winning back any trust from me, and despite the many features of Opera that I truly enjoyed, like mouse gestures and easy page ZOOM, I'm going to flip over to Phoenix. I've been playing with it, and thought it wasn't quite ready, but I now think that it is ready enough, based on the alternatives. (Phoenix and Mozilla also have the best support I've seen for Math-ML, to render complex mathematical formulae almost as well as TeX.) Phoenix is FAST, has a tiny memory footprint, and it is open source.
Oh, and for you lot out there still trusting the Microsoft browser, and Active-X controls, your security isn't affected by this Opera issue. Mind you, I won't run the Vole's browsers on my PCs either. Most data security professionals credit the Redmond Satan with writing the book on bad examples for security. You can have bad security on a Linux OR Microsoft box, but it is so much easier with MS.
So Opera folks - unless you can come up with a complete and thorough explanation, you might want to plead insanity, and go open source. For me, that's the most likely road back to any measure of trust. Today I've learned to spell betrayal - O.P.E.R.A. µ
I've recently started migrating to Phoenix/Firebird, the Mozilla-lite browser.
Earlier versions may not have this in there. Heck 7.03 may not be spyware--he seems to be reporting possibilities, rather than facts, but it seems rather damning.
I'm willing to give Opera the benefit of the doubt at this point.
New Name: Firebird
After months of discussion and further months of legal investigation, we're finally comfortable moving forward with new names. The new name for the Phoenix browser is "Firebird". The documentation and product strings will be updated soon. In addition to securing Firebird, we've also got the OK from those contributing legal resources to use the name "Thunderbird" for a mail client. Hopefully this will be the end of naming legal issues for a while.
Phoenix News Posted by Asa Dotzler | 2003-04-15
Only for the time-zone. The Windows XP activation process requires name and address, but that's still not what is happening.
Lo and behold, without entering any voluntary location data, and always entering such info in a dodgy fashion when it was a "required field", the banner ads started getting personal, or at least - local, advertising businesses very close by.
Many IP addresses can be located to a geographical area:
http://www.geobytes.com/IpLocator.htm
It identified mine to the correct city. Your mileage may vary.
If you find you DO need mail, while I have yet to test it, Mozilla's stand-alone mail program, Thunderbird, also stripped out of the Mozilla interface, has won raves from folks who find it faster and less bloated than its integrated counterpart.
Mozilla is a decent alternative, but its size can be unwieldy. Once version 1.4 goes final (sometime this summer at the present development rate), all development will shift over to Phoenix/Firebird & Thunderbird.
If you're on a Mac, Mozilla's Camino ties their capabilities directly into the Jaguar interface.